NSA reportedly collecting data secretly from Google, Yahoo

The National Security Agency has been secretly gathering online data by breaking into the main Yahoo and Google communication links connecting data centers around the world, according to a Washington Post report.

The National Security Agency has been secretly gathering online data by breaking into the main Yahoo and Google communication links connecting data centers around the world, according to a Washington Post report.

Ken Dilanian

WASHINGTON -- The National Security Agency has been secretly collecting Internet data -- almost certainly including American email traffic -- as it transits to Google and Yahoo servers abroad, according to the latest disclosure from former NSA contractor Edward Snowden.

The documents, reported by the Washington Post, describe a project code-named MUSCULAR, a cooperative effort with the agency’s British counterpart, GCHQ. Even though NSA has been obtaining data directly from Google and Yahoo with court orders through the previously disclosed PRISM program, the new documents show it also has been taking data without permission abroad, outside the oversight of the Foreign Intelligence Surveillance Court.

The latest disclosure is likely to fuel calls in Congress and elsewhere to investigate and rein in NSA surveillance.

One internal top-secret NSA document, labeled “Google Cloud Exploitation,” includes a hand-drawn sketch illustrating how Google data move around the world, complete with a smiley face. Two engineers with close ties to Google exploded in profanity when they saw the drawing, the Post reported.

Joshua Foust, a former U.S. intelligence analyst who has frequently defended NSA surveillance, said on Twitter that the latest disclosure raises questions about how the NSA could spy on American companies.

Google, Yahoo and other Internet companies maintain centers around the world through which user data flows, irrespective of the nationalities of the customers.

Asked about the Post story at a public appearance, the NSA’s director, Gen. Keith Alexander, said Wednesday that he was unaware of it, according to Politico, adding that the NSA was not authorized to access companies' data centers and instead must “go through a court process” to obtain such content.

The leaked NSA documents, however, do not say the NSA accessed data centers. They say NSA collected the data, including entire copies of Yahoo email accounts, as they were sent over fiber-optic lines between company data centers. Previously, not all such data transmissions were encrypted, or sent in code. In the wake of recent NSA disclosures, Google is moving to encrypt its traffic. Yahoo has not announced plans to do so.

In a statement, NSA spokeswoman Vanee' Vines said: “The assertion that we collect vast quantities of U.S. persons’ data from this type of collection is not true. NSA applies attorney general-approved processes to protect the privacy of U.S. persons – minimizing the likelihood of their information in our targeting, collection, processing, exploitation, retention and dissemination. NSA is a foreign intelligence agency. And we’re focused on discovering and developing intelligence about valid foreign intelligence targets only.”

But according to a top-secret document dated Jan. 9, 2013, the Post reported, the NSA sends millions of Google and Yahoo records each day to data warehouses at the agency’s Fort Meade headquarters. In the preceding 30 days, the report said, field collectors had processed and sent back more than 181 million new records — including text, audio, video and “metadata,” or “to and from” records.

White House officials and the Office of the Director of National Intelligence, which oversees the NSA, declined to confirm, deny or explain why the agency infiltrates Google and Yahoo networks overseas, the Post reported.

In a statement to the Post, Google said it was “troubled by allegations of the government intercepting traffic between our data centers, and we are not aware of this activity.”

“We have long been concerned about the possibility of this kind of snooping, which is why we continue to extend encryption across more and more Google services and links,” the company said.

A Yahoo spokeswoman told the Post: “We have strict controls in place to protect the security of our data centers, and we have not given access to our data centers to the NSA or to any other government agency.”

Under the PRISM program, first disclosed in June, the NSA gathers large volumes of online communications by legally compelling U.S. Internet companies, including Yahoo and Google, to turn over any data matching court-approved search terms. That program is authorized under Section 702 of the Foreign Intelligence Surveillance Act and overseen by the Foreign Intelligence Surveillance Court.

When the NSA gathers foreign intelligence overseas, FISA regulations do not apply. The agency instead operates under Executive Order 12333, which defines the NSA’s powers. Congress has much less visibility over what the NSA collects under EO 12333, lawmakers have said.